Courtesy of the alt.comp.virus newsgroup participants.
(These "anti-malware" pages are the result of a continuing cooperative effort.)
by Andrew J. Lee
AVIEN Founding Member
http://avien.net | gladius@gladius.f9.co.uk
- Overview
- What does a Trojan do?
- Detecting and Removing Trojans
- Protecting against Trojans
Overview
There are several common questions people ask about Trojans, and some common mistakes that they
make when talking about malware in general, so I'll try to deal with those first.
i. What is malware?
Malware is the generic term often used to loosely describe all classes of "unwelcome" software.
This can basically be said to include: Viruses, Worms, Trojans, and more recently Spyware.
Sometimes the word malware is used interchangeably with any of these terms, but most commonly
with the class of programs called Trojans. For the purposes of this article, I will deal exclusively
with Trojans.
ii. What is a Trojan?
A Trojan, more properly a "Trojan horse", is a program that is usually delivered under the guise of another
innocent program. It may or may not be malicious, damaging, compromising to security, annoying, or any
number of things. Often Trojans can combine any or all of those attributes.
They can be carried by viruses, but it is important to realize that they are not in themselves viral.
iii. Why isn't a Trojan a virus?
Viruses can also be Trojans, but Trojans are not viruses.
Confused yet? So is much of the world, and with more and more viruses being released with Trojan
components - a good example is the Iworm.Badtrans virus - the distinction gets harder to define
all the time.
Basically, to be a virus, there must be a replicating portion of code.
Trojans do not replicate, ergo, they are not viruses. If they did replicate they would be
viruses!
I have heard it defined like this: "Trojans are broken viruses". However, I personally don't like
that definition. This is because many Trojans serve a different "purpose"; they are never written
as viruses, because they don't need to be.
However, the most important thing to the person who has a Trojan or virus on their computer is not
what it is called but how to get it off without losing all their precious data.
iv. Why is it called a Trojan?
A long time ago in a galaxy far far...oops, sorry wrong story. Well, anyway, a long time ago,
a writer called Homer, not the bald yellow guy, a different one, wrote a book called the Iliad.
In the book he relates the story of the fall of Troy. What happened was this:
The Greeks, deciding that they wanted to invade Troy, came up with an idea for how to accomplish this.
Troy was a strong city, and they knew that there was little point in laying siege to it, so they built
a big wooden horse and sent it to Troy as a gift. The people of Troy, the Trojans, thought this was a
lovely gesture, and brought the horse into their city. Later that night, a couple of Greek warriors
crawled from their hiding place in the belly of the wooden horse, and opened the gates of Troy to
allow access to their buddies waiting outside. The Greek armies rushed in and captured the city.
We might think that this is somewhat silly, and wonder why the Trojans would be silly enough to accept
a present like that from their enemies. However, every time that you click on an attachment in your
email, or download a file from the Internet, this is the risk you take. Hence, the name is really quite
apt. While you may not find the massed Greek army running through your modem port, you may well find
that your acceptance of the gift has left the doors to your precious data wide open.
What does a Trojan do?
By definition, a Trojan horse does something other than what it is advertised to do.
Trojans arrive looking like something harmless and, without asking or informing you, "drop" their
"payload".
A Trojan's "payload" can be any number of things. The most "popular" Trojans are a class called
"Backdoors". Without your knowledge, this type of Trojan opens up a "door" or "hole" in the security
of your computer. (Often they exploit known vulnerabilities in common software.)
This can allow anything from your keystrokes being logged and sent to someone, or your passwords or credit card details
being transmitted to third parties, to someone remotely controlling your machine across the Internet.
These are probably the most common Trojans, and some well-known "Backdoor" Trojans include SubSeven,
Keylogger, BackOrifice (BO2K), and AOL Password Stealer.
There are literally hundreds of such Trojans; a good listing can be found at
Moosoft.com.
There are other types of Trojans, with functions ranging from randomly opening folders or moving your
mouse, to deleting random files or formatting your hard drives.
This is another good reason that Trojans are distinguished from viruses: to exist, viruses need to replicate,
so they don't wish to destroy themselves. Trojans have no such qualms, and will quite happily wipe themselves out
along with all your data.
Detecting and Removing Trojans
Detecting and Removing Trojans is often a tricky business. Some of them hook themselves deeply into
the operating system, making them hard to remove safely.
It's also generally harder to detect a Trojan, simply because it does not replicate; with a virus,
the fact that it replicates can give it away. Though there are some viruses which are hard to detect, in
general, it is not so simple to decide that a file is exhibiting Trojan-like behaviour.
This may be partly why there is a large variation in Trojan detection rates with anti-virus scanners.
The other reason is simply that they aren't viruses, so why should anti-virus scanners detect them?
In recent times more and more companies have caught on to the idea that viruses are not the only threat to
computer users, and that many viruses are now carrying Trojan portions.
However, it's still probably wise to use a specific Trojan detector / cleaner to find or get
rid of Trojans. There are a few of these programs about.
The best solutions are probably so-called Behaviour Blocker programs. These prevent programs
from performing certain types of action, say writing code to another program, or writing to certain
registry keys. However, there is a long way to go before these types of product become prevalent.
For more information read Nick FitzGerald's examination of Generic Detection Software elsewhere in
this site.
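The kind of decision a behaviour blocker makes, shown as an added example that is not part of the original article or of any particular product. The event format, the function names, the list of protected registry locations (the Windows autostart "Run" keys) and the sample events are all assumptions made for illustration.

```python
# Added illustration, not code from the original page: a toy behaviour-blocker
# policy check. All names and the protected-key list are assumptions.
import ntpath
from dataclasses import dataclass

# Assumed policy: registry locations Windows uses to start programs automatically.
PROTECTED_KEY_PREFIXES = (
    r"HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN",
    r"HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN",
)
EXECUTABLE_EXTENSIONS = (".exe", ".dll", ".com", ".scr")


@dataclass(frozen=True)
class Event:
    process: str  # full path of the program performing the action
    action: str   # "file_write" or "reg_write"
    target: str   # file path or registry key being written


def _norm(path):
    """Normalise a Windows path so comparisons ignore case and slash style."""
    return ntpath.normcase(ntpath.normpath(path))


def verdict(event, trusted=()):
    """Return ("block" | "allow", reason) for one observed action."""
    proc = _norm(event.process)
    if proc in {_norm(p) for p in trusted}:
        return ("allow", "trusted program")
    if event.action == "reg_write":
        key = event.target.upper()
        # Prefix match also covers RunOnce and RunServices under the same parent.
        if key.startswith(PROTECTED_KEY_PREFIXES):
            return ("block", "write to autostart registry key")
    elif event.action == "file_write":
        ext = ntpath.splitext(event.target)[1].lower()
        # A program rewriting its own image is left alone; writing into
        # another executable is the "writing code to another program" case.
        if ext in EXECUTABLE_EXTENSIONS and _norm(event.target) != proc:
            return ("block", "write to another program's code")
    return ("allow", "no rule matched")


# Constructed sample events (not taken from any real incident).
SAMPLE_EVENTS = [
    Event(r"C:\Temp\greeting.exe", "reg_write",
          r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"),
    Event(r"C:\Temp\greeting.exe", "file_write", r"C:\Windows\notepad.exe"),
    Event(r"C:\Temp\greeting.exe", "file_write", r"C:\Temp\card.txt"),
]
```

The decision depends only on what the program does, not on whether a scanner recognises the file, which is why this approach does not need a signature for each Trojan.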
Removal Tools for Viruses / Malware - Vendor List
Protecting against Trojans
The best way to protect your computer from Trojans is not to do anything likely to allow one onto
your system. Basically, if you don't run one, it won't compromise you. Have a look at the
Safe-Hex guidelines on this site; diligent following of these rules will almost certainly ensure
that you don't fall victim to a Trojan (or virus). If you do happen to pick one up, then having
a personal firewall in place can help alert you to the fact. It can also prevent the Trojan from
being effective by blocking access to it from external sources. Have a look at the Firewall page on
this site for more info.
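A backdoor has to listen for connections before anyone can reach it from outside, and that listening socket is what a personal firewall notices. The following added example (not from the original article) performs the same check by hand on the output of `netstat -an`. The sample output, the baseline port set and the function names are constructed for illustration.

```python
# Added illustration, not code from the original page. The netstat text and
# the baseline port set below are constructed for this example.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:40123          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    0.0.0.0:500            *:*
"""

# Assumed baseline: ports this machine is expected to listen on.
BASELINE_PORTS = {135, 445}


def parse_listeners(netstat_text):
    """Return (host, port) for every TCP socket in the LISTENING state."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # UDP rows have no state column, so this check is TCP-only.
        if len(fields) < 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, _, port = fields[1].rpartition(":")  # keeps "[::]" intact
        if port.isdigit():
            listeners.append((host, int(port)))
    return listeners


def is_loopback(host):
    """Loopback listeners cannot be reached from other machines."""
    return host.startswith("127.") or host == "[::1]"


def unexpected_listeners(netstat_text, baseline_ports):
    """Externally reachable listeners whose port is not in the baseline."""
    return sorted({(host, port) for host, port in parse_listeners(netstat_text)
                   if not is_loopback(host) and port not in baseline_ports})
```

A listener outside the baseline is only a prompt to find out which program owns the socket; legitimate software opens ports too.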
© Andrew J Lee 2001
© Claymania Creations 2001 - 2008. All applicable rights reserved.